Encryption error when connecting to Postgres 16

[icereed]

Hello :)

Thanks firstly to provide this awesome lib.

I almost got it working but the provider fails to connect to the Postgres instance. I saw that by default with Postgres 16 in RDS force_ssl is set to true.

Now I get this error when connecting:

no pg_hba.conf entry for host \"10.3.126.123\", user \"master\", database \"myDB\", no encryption

Usually when using pg, I would normally need to set the client option like this:

ssl: {
   rejectUnauthorized: true,
   ca: fs.readFileSync(path.join(__dirname, '../../../certificates/rds-combined-ca-bundle.pem')).toString(),
};

In the lambda I don't see any option to achieve this. Any ideas?

[berenddeboer]

I would say ssl should always be true? But to be honest, I haven't checked this is the case, I've simply assumed ssl is used out of the box.

Anyway, in handler.ts you see the code that connects to the database (line 293). So you could make changes there. However, it seems you are using a custom certificate? That seems to be the real issue?

To make this work, the provider would need to receive the path of a custom certificate, and this certificate must be uploaded with the lambda, so it has access to this. Something like that.

[djcass44]

After a brief look at the pg source, this CustomResource will never use TLS as there is no way to set ssl: true or set the sslmode via the connection string.

It would be good to be able to provide a custom certificate, however even just tacking ssl: true in here would be a huge improvement.

I'm currently not able to use this CustomResource because our RDS instances only allow encrypted connection.

Given that it's a 1 line change I'd be happy to put up an MR

[berenddeboer]

Reverted commit. Couldn't make this build actually.